Fix: Mantis#2326: Fix: privilege escalation through attach from ground

Fix: objects being duplicated inventory on detach. Fix: Mad jumping around of
attachments while editing. Fix: Attachments being persisted to database on
login. Fix: Attachments being persisted when changed by a script like
invisprim refresh. Fix: Attachpoint set, but not reset correctly. Fix: prevent
spurious full updates while editing attachments. Several other fixes
0.6.0-stable
Melanie Thielker 2008-10-03 21:44:33 +00:00
parent 61c17a251b
commit ab260b5d23
6 changed files with 67 additions and 59 deletions

View File

@ -418,8 +418,18 @@ namespace OpenSim.Region.Environment.Scenes
/// <param name="rot"></param>
protected internal void AttachObject(IClientAPI remoteClient, uint objectLocalID, uint AttachmentPt, Quaternion rot)
{
// Calls attach with a Zero position
// If we can't take it, we can't attach it!
//
SceneObjectPart part = m_parentScene.GetSceneObjectPart(objectLocalID);
if (part == null)
return;
if (!m_parentScene.ExternalChecks.ExternalChecksCanTakeObject(
part.UUID, remoteClient.AgentId))
return;
// Calls attach with a Zero position
//
AttachObject(remoteClient, objectLocalID, AttachmentPt, rot, Vector3.Zero);
}
@ -431,6 +441,7 @@ namespace OpenSim.Region.Environment.Scenes
(uint)(PermissionMask.Copy | PermissionMask.Move | PermissionMask.Modify | PermissionMask.Transfer),
(uint)(PermissionMask.Copy | PermissionMask.Move | PermissionMask.Modify | PermissionMask.Transfer),
ItemFlags, false, false, remoteClient.AgentId, true);
objatt.SetAttachmentPoint(Convert.ToByte(AttachmentPt));
if (objatt != null)
{
@ -514,7 +525,6 @@ namespace OpenSim.Region.Environment.Scenes
UUID newAssetID = m_parentScene.attachObjectAssetStore(remoteClient, group, remoteClient.AgentId);
// sets assetID so client can show asset as 'attached' in inventory
group.SetFromAssetID(newAssetID);
}
group.AttachToAgent(remoteClient.AgentId, AttachmentPt, attachPos);
// In case it is later dropped again, don't let

View File

@ -1684,7 +1684,8 @@ namespace OpenSim.Region.Environment.Scenes
Queue<InventoryFolderImpl> searchfolders = new Queue<InventoryFolderImpl>();
searchfolders.Enqueue(userInfo.RootFolder);
UUID foundFolder = userInfo.RootFolder.ID;
UUID foundFolder = UUID.Zero;
InventoryItemBase item = null;
// search through folders to find the asset.
while (searchfolders.Count > 0)
@ -1696,6 +1697,7 @@ namespace OpenSim.Region.Environment.Scenes
{
if (fld.Items.ContainsKey(assetID))
{
item = fld.Items[assetID];
foundFolder = fld.ID;
searchfolders.Clear();
break;
@ -1711,49 +1713,30 @@ namespace OpenSim.Region.Environment.Scenes
}
}
AssetBase asset = CreateAsset(
objectGroup.GetPartName(objectGroup.LocalId),
objectGroup.GetPartDescription(objectGroup.LocalId),
(sbyte)AssetType.Object,
Utils.StringToBytes(sceneObjectXml));
AssetCache.AddAsset(asset);
InventoryItemBase item = new InventoryItemBase();
item.Creator = objectGroup.RootPart.CreatorID;
item.Owner = agentID;
item.ID = assetID;
item.AssetID = asset.FullID;
item.Description = asset.Description;
item.Name = asset.Name;
item.AssetType = asset.Type;
item.InvType = (int)InventoryType.Object;
// Sticking it in root folder for now.. objects folder later?
item.Folder = foundFolder;// DeRezPacket.AgentBlock.DestinationID;
if ((agentID != objectGroup.RootPart.OwnerID) && ExternalChecks.ExternalChecksPropagatePermissions())
if (foundFolder != UUID.Zero && item != null)
{
item.BasePermissions = objectGroup.RootPart.NextOwnerMask;
item.CurrentPermissions = objectGroup.RootPart.NextOwnerMask;
item.NextPermissions = objectGroup.RootPart.NextOwnerMask;
item.EveryOnePermissions = objectGroup.RootPart.EveryoneMask & objectGroup.RootPart.NextOwnerMask;
}
else
{
item.BasePermissions = objectGroup.GetEffectivePermissions();
item.CurrentPermissions = objectGroup.GetEffectivePermissions();
item.NextPermissions = objectGroup.RootPart.NextOwnerMask;
item.EveryOnePermissions = objectGroup.RootPart.EveryoneMask;
}
AssetBase asset = CreateAsset(
objectGroup.GetPartName(objectGroup.LocalId),
objectGroup.GetPartDescription(objectGroup.LocalId),
(sbyte)AssetType.Object,
Utils.StringToBytes(sceneObjectXml));
AssetCache.AddAsset(asset);
userInfo.AddItem(item);
item.AssetID = asset.FullID;
item.Description = asset.Description;
item.Name = asset.Name;
item.AssetType = asset.Type;
item.InvType = (int)InventoryType.Object;
item.Folder = foundFolder;
// this gets called when the agent loggs off!
if (remoteClient != null)
{
remoteClient.SendInventoryItemCreateUpdate(item);
userInfo.UpdateItem(item);
// this gets called when the agent loggs off!
if (remoteClient != null)
{
remoteClient.SendInventoryItemCreateUpdate(item);
}
}
}
}
}
@ -1786,9 +1769,8 @@ namespace OpenSim.Region.Environment.Scenes
item.AssetType = asset.Type;
item.InvType = (int)InventoryType.Object;
// Sticking it in root folder for now.. objects folder later?
item.Folder = UUID.Zero; // Objects folder!
item.Folder = userInfo.RootFolder.ID;// DeRezPacket.AgentBlock.DestinationID;
if ((remoteClient.AgentId != objectGroup.RootPart.OwnerID) && ExternalChecks.ExternalChecksPropagatePermissions())
{
item.BasePermissions = objectGroup.RootPart.NextOwnerMask;
@ -1805,8 +1787,11 @@ namespace OpenSim.Region.Environment.Scenes
}
item.CreationDate = Util.UnixTimeSinceEpoch();
grp.SetFromAssetID(item.ID);
userInfo.AddItem(item);
remoteClient.SendInventoryItemCreateUpdate(item);
return item.AssetID;
}
return UUID.Zero;

View File

@ -734,16 +734,18 @@ namespace OpenSim.Region.Environment.Scenes
m_rootPart.IsAttachment = true;
m_rootPart.SetParentLocalId(avatar.LocalId);
lock (m_parts)
{
foreach (SceneObjectPart part in m_parts.Values)
{
part.SetAttachmentPoint(attachmentpoint);
}
}
SetAttachmentPoint(Convert.ToByte(attachmentpoint));
avatar.AddAttachment(this);
m_rootPart.ScheduleFullUpdate();
// Killing it here will cause the client to deselect it
// It then reappears on the avatar, deselected
// through the full update below
//
foreach (SceneObjectPart part in m_parts.Values)
m_scene.SendKiPrimitive(part.LocalId);
IsSelected = false; // fudge....
ScheduleGroupForFullUpdate();
}
}
public byte GetAttachmentPoint()
@ -757,10 +759,7 @@ namespace OpenSim.Region.Environment.Scenes
public void ClearPartAttachmentData()
{
foreach (SceneObjectPart part in m_parts.Values)
{
part.SetAttachmentPoint((Byte)0);
}
SetAttachmentPoint((Byte)0);
}
public void DetachToGround()
@ -775,7 +774,7 @@ namespace OpenSim.Region.Environment.Scenes
AbsolutePosition = detachedpos;
m_rootPart.AttachedAvatar = UUID.Zero;
m_rootPart.SetParentLocalId(0);
m_rootPart.SetAttachmentPoint((byte)0);
SetAttachmentPoint((byte)0);
m_rootPart.IsAttachment = false;
m_rootPart.ApplyPhysics(m_rootPart.GetEffectiveObjectFlags(), m_scene.m_physicalPrim);
HasGroupChanged = true;
@ -2755,5 +2754,14 @@ namespace OpenSim.Region.Environment.Scenes
{
return String.Format("{0} {1} ({2})", Name, UUID, AbsolutePosition);
}
public void SetAttachmentPoint(byte point)
{
lock(m_parts)
{
foreach (SceneObjectPart part in m_parts.Values)
part.SetAttachmentPoint(point);
}
}
}
}

View File

@ -2097,6 +2097,11 @@ namespace OpenSim.Region.Environment.Scenes
/// <param name="clientFlags"></param>
public void SendFullUpdateToClient(IClientAPI remoteClient, Vector3 lPos, uint clientFlags)
{
// Suppress full updates during attachment editing
//
if (ParentGroup.IsSelected && IsAttachment)
return;
clientFlags &= ~(uint) PrimFlags.CreateSelected;
if (remoteClient.AgentId == _ownerID)

View File

@ -244,7 +244,7 @@ namespace OpenSim.Region.ScriptEngine.DotNetEngine
int lineEnd = script.IndexOf('\n');
if (lineEnd != -1)
if (lineEnd > 1)
{
string firstline = script.Substring(0, lineEnd).Trim();

View File

@ -342,7 +342,7 @@ namespace OpenSim.Region.ScriptEngine.XEngine
int lineEnd = script.IndexOf('\n');
if (lineEnd != 1)
if (lineEnd > 1)
{
string firstline = script.Substring(0, lineEnd).Trim();